Providing on-demand access to services in a wide area network

ABSTRACT

An integration services network is described which is operable to facilitate access to a composite service by a plurality of users having associated client machines. Each of the users is associated with one of a plurality of independent enterprises. At least one data store has a directory stored therein which maps an identity for each of the users to a policy framework which defines access information relating to a plurality of services. At least one computing device is operable to set up the composite service by integrating operation of the plurality of services. The plurality of services are associated with and controlled by a plurality of independent service providers.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No.14/487,052, filed Sep. 9, 2014, entitled “PROVIDING ON-DEMAND ACCESS TOSERVICES IN A WIDE AREA NETWORK,” by Ron Palmeri and Stephen Reade(Atty. Docket No. SALE 1070-4), which application is a continuation ofU.S. application Ser. No. 12/753,709, filed Apr. 2, 2010, entitled“PROVIDING ON-DEMAND ACCESS TO SERVICES IN A WIDE AREA NETWORK,” by RonPalmeri and Stephen Reade, now U.S. now U.S. Pat. No. 8,838,883, issuedSep. 16, 2014 (Atty. Docket No. SALE 1070-3), which is a continuation ofU.S. patent application Ser. No. 11/016,566, filed Dec. 16, 2004,entitled PROVIDING ON-DEMAND ACCESS TO SERVICES IN A WIDE AREA NETWORK,’by Ron Palmeri and Stephen Reade, now U.S. Pat. No. 7,725,605, issuedMay 25, 2010 (Atty. Docket No. SALE 1070-2), which application claimspriority under 35 U.S.C. 119(e) to U.S. Provisional Patent ApplicationNo. 60/599,394, filed Aug. 6, 2004, entitled “METHODS AND APPARATUS FORPROVIDING ON-DEMAND ACCESS TO SERVICES IN A WIDE AREA NETWORK, by RonPalmeri and Stephen Reade, each of which are hereby incorporated byreference for all purposes.

The present application is also related to U.S. patent application Ser.No. 09/820,964, filed Mar. 30, 2001, entitled “SYSTEM AND METHOD FORMAPPING OF SERVICES,” (now U.S. Pat. No. 7,788,399, issued Aug. 31,2010), U.S. patent application Ser. No. 09/820,965, filed Mar. 30, 2001,entitled “SYSTEM AND METHOD FOR INVOCATION OF SERVICES,” (now U.S. Pat.No. 7,516,191, issued Apr. 7, 2009), U.S. patent application Ser. No.09/820,966, filed Mar. 30, 2001, entitled “SYSTEM AND METHOD FOR ROUTINGMESSAGES BETWEEN APPLICATIONS,” (now U.S. Pat. No. 7,689,711, issuedMar. 30, 2010), U.S. patent application Ser. No. 10/727,089, filed Dec.2, 2003, entitled “APPARATUS AND METHODS FOR PROVISIONING SERVICES,”(now U.S. Pat. No. 7,305,454, issued Dec. 4, 2007), U.S. patentapplication Ser. No. 10/728,356, filed Dec. 3, 2003, entitled “APPARATUSAND METHODS FOR CORRELATING MESSAGES SENT BETWEEN SERVICES,” (now issuedas U.S. Pat. No. 7,249,195, issued Jul. 24, 2007), and U.S. patentapplication Ser. No. 10/742,513, filed Dec. 19, 2003, entitled“APPARATUS AND METHODS FOR MEDIATING MESSAGES,” (now issued as U.S. Pat.No. 8,775,654, issued Jul. 8, 2014), the entire disclosures of all ofwhich are incorporated herein by reference for all purposes.

BACKGROUND OF THE INVENTION

The present invention relates to techniques for providinginteroperability between and among disparate entities, applications andservices in a network environment. More specifically, embodiments of theinvention provide techniques which provide on-demand access to differentcombinations of applications and/or services in such a networkenvironment.

Corporate reliance on technology has become more complex and pervasive.Increasingly, companies are identifying opportunities to extend theircore business or cut costs using the Internet. Both trends have putincreasing priority on integrating the operation of disparate businessapplications that exist in different enterprises. As a result, theenterprise application integration (EAI) and business-to-business B2Bindustries have emerged to provide solutions for unifying enterpriselegacy systems that may span corporate boundaries and may include theapplications of business partners and customers. Ideally, thisunification does not require sweeping changes to the underlyingapplications and data structures.

EAI and B2B solution providers typically offer end point solutions formanaging business process interactions between end points. This can takeplace within an enterprise on a local network or, in the case of B2B,across the Internet. Although a specific enterprise software package maybe designed to transparently handle diverse business processes carriedout by two or more end nodes, each specific enterprise software packagerequires releasing, implementing or building customized connectors oradapters to connect to different legacy systems which will work for thespecific business processes and applications used by the specific endnodes. As a result, these enterprise solutions are not easily scalable.Additionally, scores of connectors are needed for each vendor (e.g.,Oracle, SAP and Peoplesoft). As each supplier releases new versions oftheir software, EAI and B2B vendors find themselves unable to gaintraction under the burden of supporting existing connecters.

Notwithstanding the benefits of EAI and B2B solutions, the softwarecosts and resource investments required often prevent small-to-mediumenterprise (SME) customers from embracing EAI and B2B solutions. ForSMEs, reliance on web services technology providers represents anincreasingly attractive alternative.

The application service provider (ASP) market is one of the fastestgrowing segments of the software industry. ASPs make enterpriseapplications (e.g., human resources administration, recruiting, traveland expense management, sales force automation) available to customersover the web on a subscription basis. These applications are fullymanaged and hosted by the provider providing significant cost savings toenterprises and eliminating many of the issues requiring EAI solutions.

Some ASPs merely host and manage third-party packaged software for theircustomers (i.e., “managed hosters”). Others build new applications fromthe ground up to take advantage of the benefits and cost-savings of theASP model. ASPs enjoy the profit margins and operational scalability ofconsumer Web companies like eBay and Yahoo, while at the same timeoffering the feature sets of complex enterprise software applicationssuch as PeopleSoft and Siebel.

Although the ASP approach allows a business and its partners to usethird party or custom applications, this approach does not allow theconfiguring and dismantling of complex arrangements between businesspartners. Specifically, the ASP approach requires custom configurationswhen business partners use different data formats for their messages ordifferent communications protocols. Using these custom configurations,business partners specify the format of outgoing messages to comportwith the recipient's format requirements. These messages can then bedelivered to a recipient in a format understandable to the recipient.According to this approach, business entities must keep track offormatting and integration requirements of each of their recipientbusiness partners in order to achieve interoperability. This can becostly and time-consuming.

None of these ad hoc approaches to interoperability can practicallyprovide a single solution for facilitating the consumption of the widearray of disparate services employed by the typical enterprise.Moreover, none of these approaches is well suited to deliver such anarray of services in the personalized manner to which so many users ofthe World Wide Web have become accustomed.

In view of the above, there is a need for facilitating communicationsbetween and among diverse business entities, processes, and services ina scalable manner.

SUMMARY

According to the present invention, an interoperability network isprovided which mediates technology issues between disparate entitiescommunicating via the network. According to a specific embodiment, anintegration services network is provided which is operable to facilitateaccess to a composite service by a plurality of users having associatedclient machines. Each of the users is associated with one of a pluralityof independent enterprises. At least one data store has a directorystored therein which maps an identity for each of the users to a policyframework which defines access information relating to a plurality ofservices. At least one computing device is operable to set up thecomposite service by integrating operation of the plurality of services.The plurality of services are associated with and controlled by aplurality of independent service providers. The at least one computingdevice is further operable to connect with the client machines and eachof the services, and to selectively facilitate interaction among theclient machines and the services with reference to the directory and thepolicy framework, thereby enabling each of the users to access theplurality of services as an integrated solution.

According to another embodiment, a computer-implemented method forfacilitating access to a composite service by a plurality of usershaving associated client machines is provided. Each of the users isassociated with one of a plurality of independent enterprises. Access isprovided to a network having a directory associated therewith which mapsan identity for each of the users to a policy framework. The policyframework defines access information relating to a plurality of servicesassociated with the network. The network also has the composite serviceassociated therewith, operation of the plurality of services having beenintegrated to enable the composite service. The services are associatedwith and controlled by a plurality of independent service providers. Theclient machines are enabled to connect with the network and selectivelyinteract with the services in accordance with the directory and thepolicy framework, thereby enabling each of the users to access theplurality of services as an integrated solution.

A further understanding of the nature and advantages of the presentinvention may be realized by reference to the remaining portions of thespecification and the drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a simplified network diagram of a network environment in whichembodiments of the present invention may be practiced.

FIG. 2 is a simplified block diagram of an interoperability networkaccording to a specific embodiment of the invention.

FIGS. 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, and 13 illustrate various aspectsof application and data integration for specific combinations ofservices according to various embodiments of the invention.

FIG. 14 is a simplified diagram of an exemplary computing devicesuitable for implementing various aspects of the present invention.

DETAILED DESCRIPTION

Reference will now be made in detail to specific embodiments of theinvention including the best modes contemplated by the inventors forcarrying out the invention. Examples of these specific embodiments areillustrated in the accompanying drawings. While the invention isdescribed in conjunction with these specific embodiments, it will beunderstood that it is not intended to limit the invention to thedescribed embodiments. On the contrary, it is intended to coveralternatives, modifications, and equivalents as may be included withinthe spirit and scope of the invention as defined by the appended claims.In the following description, specific details are set forth in order toprovide a thorough understanding of the present invention. The presentinvention may be practiced without some or all of these specificdetails. In addition, well known features may not have been described indetail to avoid unnecessarily obscuring the invention.

Embodiments of the present invention are implemented in aninteroperability network which is a message platform having a looselycoupled, service oriented architecture (SOA). One of the main advantagesof such an architecture is that it allows communication (e.g., theconsumption of services) between network end points and processes totranscend technology or protocol mediation issues. An end point, e.g., auser, or a process, e.g., a service, simply connects to the network andthat one connection implicitly connects that end point or process (atsome level) to every other entity on the network.

As used herein, the term “service” may represent any computerapplication, process, entity, or device accessible to otherapplications, processes, entities, or devices through an interface suchas an application programming interface (API), user interface, orInternet web user interface by any of a variety of protocols over anetwork within an entity or over the Internet. A service may alsocomprise multiple methods or applications on a single device ordistributed across multiple devices.

According to various specific embodiments of the invention, aninteroperability network is provided which facilitates interoperabilityusing a wide variety of Web Services technologies and standardsincluding, for example, SOAP, Web Services Description Language (WSDL),WS-Security, WS-Policy, and Business Process Execution Language (BPEL).The interoperability network mediates the technology differences in dataformats, communications protocols and business policies through a set ofestablished and defined processes and policies.

In general, the term Web Services refers to a collection of technologystandards which enable software applications of all types to communicateover a network. A Web Service typically facilitates a connection betweentwo applications or services in which queries and responses areexchanged in XML over HTTP. More specifically, the term Web Servicesimplies the implementation of a stack of specific, complementarystandards.

Although not specifically tied to any transport protocol, Web servicesbuild on Internet connectivity and infrastructure to ensure nearlyuniversal reach and support. In particular, Web services take advantageof HTTP, the same connection protocol used by Web servers and browsers.XML is a widely accepted format for exchanging data and itscorresponding semantics. It is a fundamental building block for nearlyevery other layer in the Web Services stack.

The Simple Object Access Protocol (SOAP) is a protocol for messagingbetween applications. It is based on XML and uses common Internettransport protocols like HTTP to carry its data. Web ServicesDescription Language (WSDL) is an XML-based description of how toconnect to and communicate with a particular Web service. A WSDLdescription abstracts a particular service's various connection andmessaging protocols into a high-level bundle and forms a key element ofthe UDDI directory's service discovery model. Finally, UniversalDescription, Discovery, and Integration (UDDI) represents a set ofprotocols and a public directory for the registration and real-timelookup of Web services and other business processes. Various embodimentsof the invention employ these and similar technologies.

Referring now to the exemplary diagram of FIG. 1, user platforms 102(which may be part of an enterprise network) connect with ainteroperability network 104 via intervening networks 106.Interoperability network 104 (e.g., using one or more computing devicessuch as server 107) facilitates access to selected ones of associatedservices 108 which may be sponsored or provided by network 104, or maycomprise application services from third parties. These services mayactually reside in the network or be connected via intervening networks(e.g., 109). As mentioned above, network 104 provides transparentconnections to and interoperability with a wide variety of services andapplications. Interoperability network 104 has a directory capability(represented by database 112) which facilitates management of useridentities (e.g., including role and group membership), applicationservice identities, and policies which control which entities in thenetwork can interact, and the manner in which they can interact.

According to some implementations, the interoperability network employsthe directory to manage interactions among the services associated withmany independent organizations, each with different access,authentication and encryption technologies. Differences inorganizational security policies are handled using a policy frameworkwhich mediates the differences. According to some embodiments, eachorganization is able to configure and enforce access rights withmultiple methods of authentication being supported.

According to some implementations, the interoperability network supportsWS-Policy, a flexible mechanism which enables enterprises to governaccess to the services they have deployed on the interoperabilitynetwork. Such a mechanism may be employed, for example, to ensure thatdata are exchanged over encrypted connections to the interoperabilitynetwork, that user and service identities are verified (using thedirectory), and that access to a particular service is limited andcontrolled. According to various implementations, such capabilities aresupported using industry standards such as, for example, SSL, IPSECVPNs, and X.509 digital certificates.

Thus, interoperability network 104 provides a hosted, open, andshareable environment in which related and unrelated entities mayprovide and consume services using heterogeneous technology.

One approach to facilitating connection to and the consumption ofservices via such an interoperability network involves separating themessaging function into two different aspects, message delivery andmessage posting. Message delivery relates to how messages are deliveredfrom the network to a service and requires only that the serviceprovider specify how the service expects to receive messages, i.e., themessage format and communication protocol. Message posting relates tohow, depending on its type, a service is required to post messages tothe network and identify services to be consumed. By decoupling thesetwo aspects of messaging, a consumer of a service need only be able toidentify the service to be consumed for the network to successfullymediate the interaction.

Additional examples of computer networks in which the techniques of thepresent invention may be implemented are described in the copendingpatent applications incorporated herein by reference above. However, itshould be understood that the networks described herein and in thesecopending applications are merely exemplary and not meant to limit thescope of the present invention.

The present invention is generally related to techniques for providingon-demand access to combinations of services within a computer networksuch as, for example, the interoperability network described above orthe networks described in the above-referenced patent applications.Several of these embodiments are described below as being implementedwithin an interoperability network which may also be referred to as“Grand Central.” Grand Central provides an interoperability networkwhich allows users to set up or register multiple entities to shareinformation, applications, and services efficiently and reliably. Itshould be noted that the details relating to the Grand Central networkare not intended to limit the scope of the invention. Rather, anysuitable interoperability network may be enhanced according to thetechniques described herein. It should also be noted that any of thefeatures specified in the above referenced patent applications may beintegrated and used with the techniques of the present invention.

The Integrated Application Suite (IAS) solution implemented according tospecific embodiments of the invention enables the effective deployment,aggregation, integration, and maintenance of any combination of thevarious services, applications and tools available on aninteroperability network. According to such embodiments, a powerful,cost effective ASP solution with all applications seamlessly integrated,is delivered in an on-demand model. The IAS solution provides fullyintegrated suites of business tools and applications, and enables aneasy to use, yet powerful set of system capabilities including theauto-provisioning of application and tool suites, all of which may be“pre-wired” with the necessary adapters, connectors, and integratedcritical business processes.

The various elements of the IAS solution are aggregated and integratedby the interoperability network platform. The interoperability networkenables the effective aggregation, distribution, and integration ofbusiness processes of both data and services. All of the requiredregistrations, provisioning, synchronization, and reconciliation areaccomplished, maintained, and monitored via the network.

The IAS solution allows small business to have access to integratedbusiness processes that are delivered as a service. These businessprocesses enable such businesses to have a single integrated view intostandard business tools that can be deployed seamlessly across theirenterprise. In addition, the integrated applications and correspondingbusiness processes delivered by the IAS solution reduce the amount ofdata entry and other duplicated activities, thus ensuring greaterefficiencies and fewer errors. Because the entire solution is deliveredas a service, the small business has no hardware and software to manage,purchase, or maintain, thereby significantly reducing costs.

According to a specific embodiment illustrated in FIG. 2, the componentsof the Integrated Application Suite (IAS) solution 202 include aRegistration and Administration Portal (RAP) 204, an IAS Toolbar 206, anIAS Dashboard 208, and Composite Processes 210, all deployed in andenabled by an Interoperability Network 200.

The RAP is the first interface that a prospective user encounters andfacilitates signing-up the user and establishing the initialrelationship. It may include any of the following: service providerbranding, registration pages, service package selections, paymentmanagement, documentation on particular IAS offerings, supportinformation, etc. The RAP also includes a link for download of the IASToolbar.

By using the RAP, users of composite services will be able to establishan identity on the network and select business applications frompre-defined packages. This identity is propagated to the selectedenterprise applications. For each package selected, there is a statedSystem of Record (SOR). The SOR is used via its standard web interfaceto enter initial user or corporate information. This information will bedelivered and replicated to the other applications by the IAS solution.All other updates to the SOR from that point on are propagated in asimilar fashion.

In order to simplify access to the IAS solution, the IAS Toolbar (whichis deployable from a link in the RAP) may be installed on the user's webbrowser. This toolbar performs several functions including, for example,Single Sign-On (SSO) of the user for enterprise applications,single-click access to native web interfaces for enterpriseapplications, IAS Dashboard launch, administration mode (allowsconfiguration of SSO and toolbar configuration, and various ancillaryfunctions (e.g., search, help etc.).

The IAS Dashboard is launched from the IAS Toolbar and provides a webbrowser environment for initiating composite processes from a palette ofpredefined services and composite processes. These will form the“pre-plumbed” aspect of the IAS solution, and provide a library ofbusiness functions that span multiple enterprise applications from theselected package. By using these composite processes, the user willenter required information into the IAS Dashboard and the compositeprocess will perform the dissemination of “messages” to the associatedsystems. The interoperability network performs all the complexintegration requirements on demand, such as mediation of security,format, protocol, and enables the transformation, orchestration, anddelivery of all “messages” included in the composite processes for allapplications. The IAS Dashboard may also incorporate service providerbranding, role-based content presentation (general user, administration,etc.), diagnostic reporting (based on services executed), andapplication administration and help pages.

According to a specific embodiment, the interoperability networkprovides the functional and data integration capabilities, as well asbusiness process engines, security management, directory services andgraphical interface support. Hence, all the complexity of connecting a“many to many” environment is handled by defining the application on theinteroperability network one time. According to some embodiments, theIAS solution employs a “rich client” infrastructure. This is adownloadable web browser plug-in that supports the interoperabilitynetwork and permits graphical components to interact with the servicesand processes deployed on the network.

For development purposes, a rich client provides a developmentenvironment (e.g., environment 212), which also runs from within abrowser as an automatically downloadable plug-in.

The IAS solution eases integration between systems by moving thecomplexity usually required at the edge into the network. This allowssimple connections, with the network taking care of interoperabilitybetween each node. The network adapts to the communications protocolsand data formats used by customer applications so that minimaladditional software is required at the customer site. Using this looselycoupled approach, the interoperability network is able to “on-board”customers in a matter of minutes or hours instead of the weeks andmonths it can take to conduct traditional integration products withsoftware and hardware.

The IAS solution may be implemented in the interoperability networkdescribed above. Additional characteristics of a specificinteroperability network in which an embodiment of the IAS solution maybe implemented will now be described. It should be noted thatembodiments of the invention may be implemented in networks which do notinclude all of the characteristics and functionalities described.Rather, the details of the following description are only being providedby way of example.

A powerful, shared directory 214 lies at the heart of theinteroperability network which enables disparate entities to easilydiscover, access, reuse and share services and business processes in thenetwork. The Business Services Directory simplifies and accelerates thecreation and extension of Business Solutions. The public directory ofservices enables services to be categorized (e.g., by category andprovider) and published so that they can easily be woven into solutions.Any third party can easily expand the reach of their services bypublishing them in the directory. A private directory of servicesprovides comprehensive access control on an individual user, role, orgroup basis.

Differences in technology implementations such as connectivity standardsand data formats are mediated by the interoperability network incontrast with the conventional approach of “hardwiring” them. This‘loose-coupling’ provides the flexibility for services and applicationsto change in the future without breaking the solution. The IAS solutioncan use whatever standards-based technology is preferred today, and verysimply migrate to new standards and policies as they emerge. Inaddition, the network can rapidly and inexpensively react to customerneeds and respond to emerging business opportunities with little or noadditional investment.

The interoperability network provides secure, reliable messaging, withconnectivity options (e.g., protocol handling services 216) that rangefrom traditional file and batch-based systems such as FTP, to evolvingstandards such as EDI/AS2, XML/HTTP and Web services protocols. A widerange of legacy applications and connectors for existing enterprisesystems are supported, as well as web portals, application servers,desktop applications and handheld devices—any software designed for Webservices.

The interoperability network provides a comprehensive suite of datamapping network services for mediating differences between data formats.An industry standard XSLT service performs mapping between XML baseddata formats—with maps being easily created through a wide variety ofreadily available XML tools.

Security policy mediation in the network ensures that trustedrelationships can be managed between many organizations, each withdifferent access, authentication and encryption technologies, withoutunnecessary exposure of data and applications resident behind corporatefirewalls. Differences in corporate security policies are mediatedthrough a policy framework. The solution provider is in complete controlof configuring and enforcing access rights, and multiple levels ofauthentication are supported. A complete permissions model is providedfor configuring and enforcing access rights. Authentication methodssupported include VeriSign certificates to validate identity of businesspartners. Connections between enterprises and the interoperabilitynetwork are secured at 128-bit encryption.

A full suite of on-boarding options simplifies the process of connectingpartners and customers, so that valuable time is not lost engaging newbusiness relationships. Each partner can choose the appropriatetechnology and the preferred connection method.

Automating business processes between applications and services is not asingle event, but an ongoing process that can require the orchestrationof multiple many-to-many interactions with tens if not hundreds of otherorganizations. The interoperability network provides a rich,open-standards based process development environment, which enables thecreation and deployment of many-to-many business processes in thenetwork. It provides the fundamental building blocks and platformservices required to rapidly create, combine, clone and customizebusiness process solutions and share them with others, without having tobuy and deploy expensive and complex enterprise software. Commonly usedprocesses and services can be published in the services directory forreuse. Simple and flexible message routing for performing basic processorchestration gives the ability to chain together services from multipleparties to form business processes.

In some implementations, BPEL Version 1.1 is delivered in an open,service-based model, allowing a variety of endpoints to feed into andout of a business process—from traditional EDI or FTP-enabled endpoints,to SOAP-enabled endpoints. Because the BPEL service gains all thebenefits of the network's service-based model including itsextensibility, flexibility, visibility and control, the execution ofBPEL scripts is done without the need to deploy costly hardware orsoftware within the enterprise.

Message Routes and BPEL services can be wrapped as services andpublished and shared publicly or privately—providing an open andreusable model for integrating and building business processes betweenpartners. Of course, it will be understood that BPEL is just an exampleof how business processes may be implemented. Other tools and approachesto business process design may be employed such as, for example, processdesign tools from Grand Central Communications, Inc. of San Francisco,Calif.

Monitoring, reporting and exception management features (e.g., 218) ofthe interoperability network improve the quality and scope of servicesthat can be delivered by providing shared context and end-to-endvisibility of all business processes that flow through the network.Services can take actions based on real-time events, using event-basednotifications combined with business process management tools.

The loosely coupled Services Oriented Architecture of theinteroperability network allows changes in connectivity, data format andsecurity choices as well as providing expanded services withoutnegatively impacting other participants. The policy framework ensuresthat any negative changes (such as a customer or service providerdropping to a lower level security) are trapped and flagged forremediation without compromising the integrity of the interaction.

The interoperability network provides shared visibility into a number ofaspects of interactions on the network. Customizable reports on thestatus and history of any service, business process, or datarelationship provides the ability to trace correlated messages andtransactions. Event-handling mechanisms can be configured by partnerswith rules to route a wide range of exceptions.

Alerts can easily be programmed into business processes enabling thoseprocesses to effectively operate automatically unless a problem isencountered. Once activated, alerts can be directed to other services onthe network, external endpoints for integration into enterprisemanagement systems, or converted to e-mails, pages or faxes.

A unique tracking ID is issued for each interaction spanning individualpoint to point data exchanges as well as long-lived, multiple messageexchanges. Message audit trails and transaction information iscollected, persisted and validated to help resolve transaction disputesby providing proof of who sent a message, proof of submission and proofthat the message has been given to the intended recipient.

In general, the interoperability network addresses user on-boarding andongoing management issues by moving mediation and management ofconnectivity and integration into the network. It is the network thatadapts to each enterprise's environment, instead of the enterpriseneeding to adapt to the network.

A specific embodiment of the IAS solution provides for the offering andsubsequent provisioning of integrated application suites. A list ofservices and the options for consuming them are presented to a potentialuser in an email or web interface. A link to a Business Solution Centeris also presented where the user can choose the integrated applicationsuite they require along with any optional services. Offers can be verydetailed, including information on data formats, SLAs, and terms of usein addition to basic service information. When the user accepts theoffer, the interoperability network provisions an account, configuresany connectors, permissions, services to be consumed, and then enablesthe user to set security policies.

Conventionally, integration preparedness is limited to either 1) an EAIvendor providing an infrastructure you can work with, or 2) anapplication vendor exposing APIs for use in integration. Given these twostarting points, it is up to the developer to derive a working systemand to bear the consequent costs. And yet the effort has often been donebefore, meaning that the applications of such vendors have beenintegrated repeatedly with the same problems being encountered andresolved.

To address these issues, embodiments of the invention employ“Pre-Plumbed Applications.” That is, using the interoperability networkas the EAI infrastructure, the required applications are integrated(function and data) and the resulting services deployed. These servicescan be combined to form composite services through the use of processdefinitions which can span multiple integrated applications. Theseservices may then be consumed either programmatically or through the IASDashboard.

According to the invention, the interoperability network allows theloose coupling of applications into sets of composite processes. Forevery class of application that is added, the network creates a“normalized” view of the application within the directory. As anexample, with Customer Relationship Management (CRM), although there areseveral packages capable of doing this, the interactions are standard,for example: add salesperson, delete salesperson, post closed sale toaccounting, etc. The interfaces into the applications will be definedand the business processes between them will be a set of standardprocesses that will require minimal modification when new packages areadded.

These processes are controlled either through the applicationsthemselves (if they have the appropriate customization tools available),or through the IAS Dashboard which is customized to the business processthat will provide a set of tasks to users with the correct permissions.The IAS Dashboard may be configured to provide business level reports onthe interactions between applications, such as:

“Shopping Cart: Sold Item XXXX to customerID XXXX transferred toaccounting system on XX/XX/XX at XX:XX”

In addition, the IAS Dashboard may be configured to provide simpleescalation rule configuration, e.g. when an error of type X happens,either call, e-mail, page or IM user XXX.

According to a specific embodiment, the interoperability network isoperable to leverage, wherever possible, existing and evolving standardsto ensure that these business processes conform to the needs ofcustomers. This approach enables customers and service providers toeasily extend solutions using a commonly understood, non-proprietaryframework. For example, the Universal Business Language is an effortcurrently being conducted under the auspices of OASIS to simplifybusiness interactions. The purpose of the OASIS UBL Technical Committeeis to develop a standard library of XML, business documents (e.g.,purchase orders, invoices, etc.) by modifying an already existinglibrary of XML schemas to incorporate the best features of otherexisting XML business libraries. The Technical Commitee will then designa mechanism for the generation of context-specific business schemasthrough the application of transformation rules to the common UBL sourcelibrary. UBL is intended to become an international standard forelectronic commerce freely available to everyone without licensing orother fees. The interoperability network is designed to take advantageof such developments.

According to specific embodiments, a wide variety of applications and/orservices deployed in or accessible via an interoperability network areintegrated or bundled in various combinations. Three exemplarycombinations corresponding to different suites of services are describedbelow. It will be understood that these are merely examples of thevirtually unlimited combinations of services enabled by the presentinvention.

According to one embodiment, an eCommerce solution is provided whichenables individuals and small businesses to quickly and easily set up anonline commercial presence. This solution supports scenarios such ascompletion of eCommerce sales sequences (shopping carts, shippingoptions, tax calculations and so forth) with sales orders and purchaseorders and payment. Online storefront capabilities are provided by MivaCorporation (www.miva.com). Financial management tools, i.e.,QuickBooks, are provided by Intuit, Inc.(http://quickbooks.intuit.com/). Online payment processing capabilitiesare provided by PayPal, Inc. (www.paypal.com).

According to another embodiment, a Customer Relationship Management(CRM) solution is provided for small and medium-sized enterprises(SMEs). In addition to full CRM and financial capabilities, this suitesupports end-to-end sales event expense management, as well as the otherfinancial implications of doing business which traditionally impactseveral systems. In addition to providing the financial management toolsof QuickBooks and the storefront capabilities of Miva, this solutionprovides the CRM tools of Salesforce.com (www.salesforce.com) and theexpense management tools of Gelco Information Network, Inc.(www.gelcoexpense.com).

According to yet another embodiment, a Human Resource (HR) managementsolution is provided which enables SMEs to efficiently manage theirhuman resources and employee benefits. This suite provides a library ofpredefined processes that impact multiple enterprise applications everyday (for example, hiring employees, setting up payroll, changemanagement, etc.). HR management tools are provided by Employease, Inc.(www.employease.com). Payroll processing tools are provided by AutomaticData Processing (ADP), Inc. (www.adp.com). Expense management andfinancial management tools are provided by Gelco and Intuit,respectively.

The details of integrating with each of the applications or servicesmentioned above are described below. It should again be noted that thesedescriptions are provided for exemplary purposes only, and that thepresent invention is not limited to the identified services,applications, or integration techniques.

Integrating to QuickBooks: Overview

With over 8 million users of the QuickBooks financial managementsolution, Intuit has released a well-defined Software Development Kit(SDK) which enables integration of QuickBooks with 3.sup.rd partysystems. The QuickBooks SDK provides a common methodology forintegrating an application with QuickBooks regardless of QuickBooksversion. At the core of this methodology is qbXML, a version of XMLdesigned for QuickBooks. In addition to the innovation around qbXML, theSDK is compatible with many different development environments.

Developers leveraging the QuickBooks SDK start with a standards-basedfoundation for creating their integrations. The SDK includes requiredsoftware libraries, XML schema definitions, and utilities to acceleratedevelopment.

When creating an integrated application to QuickBooks, developers maychoose from 2 different APIs:

(1) the qbXML Request Processor which requires the developer to createand parse documents written in qbXML; and

(2) the QuickBooks Foundation Class (QBFC) Library which is a library ofCOM objects that implement the qbXML specification. This API eliminatesthe need to create and parse qbXML directly in the code.

FIG. 3 illustrates the high-level interaction between the two APIs anddifferent versions of QuickBooks. It's important to note that regardlessof the QuickBooks version (desktop or online) the only difference iscommunication protocol.

Basic communication to QuickBooks is based on a client/server modelshown in FIG. 4. The application sends a “request message” toQuickBooks, and QuickBooks sends back a response message. There is aone-to-one correspondence between request and response messages.

The qbXML Request Processor and QBFC API provides the following COMmethods for communications with QuickBooks: (1) OpenConnection, (2)BeginSession, (3) ProcessRequest, (4) EndSession, and (5)CloseConnection.

Integrating via the qbXML Request Processor requires the construction ofa qbXML document. qbXML follows normal XML convention with thedefinition of elements and attributes. A qbXML document must include thename of the QuickBook Object, QuickBook Operation and request data inthe body of the XML document. With a properly constructed qbXMLdocument, the qbXML Request Processor will initiate the call toQuickBooks.

QuickBook Objects are used when making requests to QuickBooks. Objectsare divided into two categories: lists and transactions. Listscorrespond to lists of information (i.e. Account List, Entity List, etc.. . . ). Transactions correspond to basic accounting entities (i.e.Accounts Receivable Transactions, Sales Receipts, etc. . . . ).

Whereas the Objects are the nouns of the request, an Operation is theverb. QuickBooks supports 5 Operations: Query, Add, Modify, Delete, andVoid.

In addition to specifying an Object and Operation, a qbXML requestdocument must be included as part of the request. Listed below is asample qbXML request document that adds a customer to QuickBooks:

<?xml version=“1.0”?>  <?qbxml version=“3.0”?> <QBXML>  <QBXMLMsgsRqonError=“StopOnError”>   <CustomerAddRq requestID = “1”>   <CustomerAdd>     <Name>Sally Smith</Name>    <FirstName>Sally</FirstName>     <LastName>Smith</LastName>    <Phone>123-2345</Phone>    </CustomerAdd>   </CustomerAddRq> </QBXMLMsgsRq> </QBXML>

In the above example a Customer Object is used in conjunction with theAdd operation. The corresponding qbXML response document to this requestis:

<?xml version=“1.0”?> <QBXML> <QBXMLMsgsRs>  <CustomerAddRsrequestID=“1” statusCode=“0”    statusSeverity=“Info”   statusMessage=“Status OK”>   <CustomerRet>  <ListID>30000-1029522127</ListID>  <TimeCreated>2003-08-16T11:22:07-08:00 </TimeCreated>  <TimeModified>2003-08-16T11:22:07-08:00 </TimeModified>  <EditSequence>1029522127</EditSequence>   <Name>Sally Smith</Name>  <FullName>Sally Smith</FullName>   <IsActive>true</IsActive>  <Sublevel>0</Sublevel>   <FirstName>Sally</FirstName>   <LastName>Smith</LastName>    <Phone>123-2345</Phone>   <Balance>0.00</Balance>    <TotalBalance>0.00</TotalBalance>   <JobStatus>None</JobStatus>   </CustomerRet>  </CustomerAddRs></QBXMLMsgsRs> </QBXML>

Unlike the qbXML Request Processor, integration accomplished with theQBFC Library requires no construction and parsing of a qbXML document.QBFC is implemented as a COM library that can be manipulated withvarious programming languages. The QBFC library: (1) employs standardCOM concepts, such as data types (BSTR, long), error handling, andmethod signatures; (2) Supplies data type objects that provide theability to enforce the qbXML data types; (3) Matches object and elementnames to the underlying qbXML specification; and (4) Maintains therequest-response model.

The QBFC COM objects are grouped into several categories, namely: (1)Session Management; (2) High-Level Request Information; (3) High-LevelResponse Information; (4) Message Data; and (5) Data Types. A detaileddescription of the functionality and implement of all QBFC COM Objectscan be found in the QuickBooks SDK, incorporated herein by reference forall purposes.

Integration of QuickBooks to the interoperability network of the presentinvention is accomplished with a QuickBooks connector. The QuickBooksconnector is responsible for managing communication, security,transactions, and data translation with the network. The QuickBooksconnecter is able to support synchronous and asynchronous communicationto the network. Transformation between 3d party data formats and qbXMLis centralized in the network. The connector facilitates Single Sign-onbetween the interoperability network and QuickBooks. All transactionsare managed by the network to guarantee transactional integrity of allbusiness processes.

Integrating to Miva Merchant: Overview

As one of the most popular SMB storefront applications in themarketplace today, Miva Merchant is architected from the ground up foran internet environment. Miva Merchant documents a well-definedapplication integration framework for integrating and extending the MivaMerchant application.

The Miva Merchant integration framework includes a scripting language,virtual machine, vendor-developed business functions and a well-defineddatabase schema. By creating programs authored in the Miva ScriptLanguage, developers can rapidly and easily integrate the Miva Merchantsuite to 3rd party applications. The Miva Virtual Machine acts as arun-time environment for the custom programs. When interacting with MivaMerchant Data, developers have the option of interacting directly withthe database or through the vendor-developed business functions, MivaDatabase Functions.

Miva Script is a server-side scripting language that is implemented bythe Miva Virtual Machine. Miva Script is based on XML tags correspondingto typical programming language constructs such as assignmentstatements, conditional expressions, loops and input/output statements.Listed below is a sample snippet of a Miva Script:

TABLE-US-00003 <MvFUNCTION NAME = “ShippingModule_Description”PARAMETERS = “data” STANDARDOUTPUTLEVEL = “”>   <MvASSIGN NAME =“l.name” VALUE = “”>   <MvIF EXPR = “{ UPS_Open_Store( ) }”>     <MvIFEXPR = “{ UPSMethod_Find_Code ( l.data ) }”>       <MvASSIGN NAME =“l.name” VALUE = “{ ‘UPS ’ $     UPSMethods.d.name }”>       </MvIF>      <MvASSIGN NAME = “l.ok” VALUE = “{       UPS_Close_Store ( ) }”>    </MvIF>   <MvFUNCTIONRETURN VALUE = “{ l.name }”> </MvFUNCTION>

Miva Script programs are compiled by the Miva Script Compiler, then rununder the Miva Virtual Machine.

Extending functionality of the Miva Merchant Suite is accomplishedthrough Miva Modules. Miva Modules are self-contained programs thatdevelopers create to supply additional functionality to the MivaMerchant Suite. A Miva Module is programmed using Miva Script andcontains a set of Miva Functions. There are 13 types of Miva Modules andeach type requires specific Miva Functions to be implemented. The 13types of Miva Modules are listed below:

Module Type Description BATCHREPORT Batch Order Reporting CURRENCYCurrency EXPORT Data Export FULFILLMENT Fulfillment IMPORT Data ImportLOG Logging PAYMENT Payment Processing SHIPPING Shipping STOREUTIL StoreUtility SYSTEM System Extension TAX Tax UI User Interface STOREWIZARDWizard in a Store WIZARD Wizard at Domain

A custom Miva Module is created by extending one of the standard moduleslisted above. For example, a SalesforceExport Module would extend theMiva EXPORT module. This Module would be programmed in Miva Script andimplement the required functions for an EXPORT module.

In addition to interacting with the Database directly, developers mayalso use the pre-packaged Miva Database Functions. The Miva DatabaseFunctions are a set of well-tested and pre-defined Miva Functions forcommon database tasks such as finding data and reading/writing data. TheMiva Database Functions are incorporated in custom Miva Modules. Listedbelow is the current set of Miva Database Functions:

Administration Affiliate Attribute Attribute Template Availability GroupBasket Batch Category Country Customer Domain Encryption Group InventoryKeys Miva Mailer Module Notifications Option Order Price Group PrivilegeProduct Provisioning Related Products State Statistics Store TasksUpsell User Utility

Interacting with the Miva database directly is accomplished through MivaScript. The Miva Script language defines a syntactic language formanipulating data with the Miva database.

The recommended practice for integrating a Miva Merchant applicationwith external systems is via a Miva Script Commerce Library. A MivaScript Commerce Library is an extension of the Miva Script language. TheMiva Script Commerce Library acts as a communication link between anexternal system and a Miva Script. The Library is written in the Cprogramming language.

Miva provides a well-defined API for creating custom Miva ScriptCommerce Libraries. The APIs define functional interfaces which must beimplemented by the developer to create a custom Commerce Library. Theinterfaces may be broken down into four categories: memory allocation,variable manipulation, networking and file. In addition to handlingconnectivity to an external system, it is recommended that all datanormalization be handled by the Commerce Library. Examples of customCommerce Libraries developed in the past have integrated Miva Merchantwith Payment Gateways (i.e. PayPal, Authorize.net, etc. . . . ),Finanical Packages (i.e. Quickbooks, Great Plains, etc. . . . ) andTrading Networks (i.e. Ariba, Commerce One, etc. . . . ).

Integrating Miva Merchant to the interoperability network of the presentinvention involves the creation of a Grand Central Miva Merchant Module(GCMM). The GCMM is responsible for managing connectivity, security, andtransactions with the network. For connectivity, the GCMM exposes a WSDLfor the network to register as an endpoint. In addition, the GCMM isable to interact with the network in a synchronous or asynchronousfashion. The security required to enable single sign-on is managed bythe network. For cases when transaction context is important to thebusiness process, the GCMM manages the coordination of the transactionalprocess.

PayPal Application Integration: Overview

Most PayPal members currently use the PayPal website to manage theirPayPal transactions. Members additionally can use PayPal merchant tools,such as PayPal Shopping Cart and Instant Payment Notification, for moreadvanced payment functions.

PayPal now extends this flexibility with the introduction of PayPal API.The API is based on web services standards, such as SOAP and WSDL.PayPal merchants can use web services technology to create applicationsthat work directly and automatically with PayPal. PayPal API calls canautomate certain PayPal functions that normally would require a personto manually enter information. For example, the PayPal Refund API allowsmerchants to automate refunds to buyers. This is especially useful forlarge merchants who make hundreds of refunds each month. PayPal APIcalls are accessible by qualified Business and Premier accounts.

Currently, PayPal provides two API calls: RefundTransaction andGetTransactionDetails. More API calls for bulk processing will beavailable soon.

In addition to the API, PayPal can also send payment alerts calledInstant Payment Notifications (IPNs) to applications when a payment hasbeen made on PayPal. Grand Central has implemented an IPN handler thatcan accept an IPN, validate with PayPal that the IPN is a genuine IPN(not a spoof message), and trigger the next step in the business process(e.g. shipping, packaging, etc.)

Employease Application Integration: Overview

Employease supports application integration through the EmployeaseWebAPI, a web services toolkit supporting SOAP, XML, HR-XML and ebXML.The WebAPI provides On-Demand services (import and export) for theexchange of information over HTTPS as illustrated in FIG. 5.

Employease On-Demand sevices can be used by applications external to theEmployease Network (EN) to create new and modify existing employeerecords in the EN. Multiple services have been created and each islimited to specific transaction types. The table below defines theemployee provisioning services that are currently available.

TABLE-US-00005 Service Name Description EmployeeImport TheEmployeeImport service either inserts a new employee record into the ENor updates an existing record in the EN. The EmployeeImport service isresponsible for determining the type of transaction that is executed.EmployeeInsert The EmployeeInsert service inserts a new employee recordin the EN. If a duplicate record is submitted by the requestingapplication the record is rejected.

Each of the employee provisioning web services supports multiple typesof employee data including demographic, work, earnings and userinformation.

Employease web services are based upon the Employease Automated ExchangeArchitecture and messaging specification EConnectXML, an extension ofebXML.

The ebXML specification allows for a variety of message processingscenarios—from asynchronous where the requests, replies, andacknowledgements are sent over separate channels—to synchronousmessaging where all operations are carried over a single HTTPSconnection. In this specification, messaging is conducted over HTTPS.The Request sent by the MP and the Response returned by EConnectXML isall handled on a single HTTPS Post method. The diagram below illustratesthe message processing involved. The MP executes a HTTPS POST methodwith the necessary ebXML MIME structure and EConnectXML responds with anebXML Response message over the same HTTPS connection.

FIG. 6 illustrates the steps in the protocol involved in aRequest-Response interaction. More specifically, an EConnectXMLtransaction between A and B is shown in which A represents the MessagingPartner (MP) accessing a Business Process (BP), B—representsEConnectXML, and C—represents Business Process (BP) executed byEConnectXML. As shown, (1) A initiates an HTTPS/1.1 connection with B ona predetermined URL (https://home.eease.com/EConnectXML) that representsB's address. (2) A uses the HTTPS connection to send the EConnectXMLmessage as a POST operation. (3) A waits for a response to the messageto be returned in the HTTP stream. (4) B has an HTTPS/1.1-complaintserver that dispatches the HTTPS Request to the resource specified bythe URL used in (1). (5) B's resource identified in (4) reads theEConnectXML message contents, maps the Request to the appropriatehandler for further processing. (6) An appropriate Business Process (C)is initiated based on the Request. (7) B's Business Process (C) performsthe work that the Request specifies and sends the required informationback in an ebXML message. (8) B sends the Response to A through theHTTPS connection established in (1). (9) A reads the Response andreturns it to the process that initiated the Request. (10) A closes theHTTPS connection established in (1).

This process is then repeated for further Request/Response cycles. FIG.7 shows the possible contents of the ebXML Request and Response. Asshown, the entire business process is encapsulated within a single HTTPSmethod. The MP waits on the HTTPS Post for a response to be returnedfrom EConnectXML. Appropriate timeout constraints must be accounted foron both sides of the HTTPS connection. EConnectXML has a default timeoutof 30 minutes.

This messaging structure allows for a variety of business processes tobe supported:

1) Document/Data export type business processes where the MessagingPartner is requesting payload to be returned. A document of arbitrarysize can be returned. It can be XML, ASCII, or potentially otherformats.

2) Document/Data import type business processes where the MP is sendinga payload document of arbitrary size for consumption by EConnectXML.

3) Simple method invocation type operations. In this mode the payloadsin the Request and Response function as arguments and return valuesrespectively.

Every unique business process supported and published to an MP byEConnectXML has a defined ebXML MIME structure that must conform to aRequest and Response signature as depicted in the diagram above.

Salesforce.com Application Integration: Overview

Salesforce.com enables customers who have subscribed to the EnterpriseEdition of their CRM system to access and manage their data through thesforce SOAP API. The latest version is 3.0. The sforce API callsrepresent specific operations that client applications can invoke atrun-time to perform certain tasks. For example, one can query anorganization's data; add, update, and delete information; obtainmetadata about the organization's data; and run utilities to performadministration tasks.

The client application prepares and submits a service request to thesforce Web service, the sforce Web service processes the request andreturns a response, and the client application handles the response asappropriate. Once the API call is invoked, the client application waitsuntil it receives a response from the service. Asynchronous calls arenot supported. Every operation that writes to a salesforce.com table iscommitted automatically. This is analogous to the AUTOCOMMMIT setting inSQL. For create, update, and delete calls that attempt to write tomultiple rows in a table, the write operation for each row is treated asa separate transaction. For example, if a client application attempts tocreate two new accounts, they're created using mutually exclusive insertoperations that succeed or fail individually, not as a group.

For each sforce API call, a client application typically: (1) Preparesthe request by defining request parameters, if applicable; (2) Invokesthe call, which passes the request with its parameters to the sforce Webservice for processing; (3) Receives the response (synchronously) fromthe sforce Web service; and (4) Handles the response, either byprocessing the returned data (for a successful invocation) or byhandling the error (for a failed invocation).

In order to embed sforce API calls in a larger process, there is arequirement for a component to handle this login and session management.The interoperability network creates a process wrapper for the sforceAPI that serves this purpose. The client only needs to authenticate tothe network and submit a request to the process, which then logs inusing the appropriate SFDC credential, obtains a session, and makes therelevant call.

Another interesting feature of the sforce API is that the loginoperation redirects a client from the SOAP server published in the WSDLfile to a geographic back-end server for subsequent operations. Theinteroperability network's process wrapper can handle that redirecttransparently, so that the client doesn't need to know that any redirectis taking place.

According to a specific embodiment, the sforce API calls shown in thefollowing table are supported:

Supported Calls in the sforce API Task/Call Description Create Adds oneor more new individual objects to your organization's data. DeleteDeletes one or more individual objects from your organization's data.describeGlobal Retrieves a list of available objects for yourorganization's data. describeSObject Retrieves metadata (field list andobject properties) for the specified object type. GetDeleted Retrievesthe IDs of individual objects of the specified object that have beendeleted since the specified time. getServerTimestamp Retrieves thecurrent system timestamp (GMT) from the sforce Web service. getUpdatedRetrieves the IDs of individual objects of the specified object thathave been updated since the specified time. getUesrInfo Retrievespersonal information for the user associated with the current session.Login Logs in to the sforce single sign-on server and starts a clientsession. Query Executes a query against the specified object and returnsdata that matches the specified criteria. QueryMore Retrieves the nextbatch of objects from a query. resetPassword Changes a user's passwordto a server-generated value. Retrieve Retrieves one or more objectsbased on the specified object IDs. Search Executes a text search in yourorganization's data. setPassword Sets the specified user's password tothe specified value. Update Updates one or more existing objects in yourorganization's data.ADP Pay eXpert Application Integration: Overview

ADP Pay eXpert supports application integration through importing ofemployee data and pay data. If employee data is created using anexternal source, such as a human resources system (e.g., Employease),the data can be imported into the Pay eXpert® database without rekeyingthe data. After importing the employee data, the data can be treatedlike any other data that were entered directly into Pay eXpert. Theemployee data that is imported must be in an ADP-specified format, andassigned an ADP-specified filename. According to specific embodiments,the importing of Employease employee data into ADP is automated usingHTTPS/FTP gateways. According to a more specific embodiment, thisemployee data import can become a routine part of every payroll cycle.

Pay eXpert supports importing data files prepared in the comma separatedvalue (CSV) file format. There are many products, such as MicrosoftExcel, dBASE, and FoxPro that can help prepare a file in CSV format. ACSV file can also be prepared using a basic text editor. Each employeedata import file comprises multiple records, where a record is one lineof data in the file. The items in a record are separated from each otherby a comma or tab. The end of a record is indicated by a carriage returnand line feed. An employee data import file must contain at least twotypes of records: Header and Data. Similarly, pay/salary data can beimported into ADP Pay expert using CSV files.

The details of integrating the data associated with each of theapplications or services mentioned above are described below. It shouldagain be noted that these descriptions are provided for exemplarypurposes only, and that the present invention is not limited to theidentified services, applications, or integration techniques.

QuickBooks Data Integration Overview

Developing integration to QuickBooks requires an understanding of theQuickBooks data format. Since all data interactions with QuickBooks maybe transformed to qbXML, integrating the qbXML data format to other3.sup.rd party data formats may be accomplished by using common XMLtransformation technology such as XSL style sheets.

MIVA Data Integration Overview

Developing integration to the Miva Merchant suite requires anunderstanding of the Miva Merchant Data Format. Since all interactionswith the Miva Merchant Database is accomplished through the XML-basedMiva Script language, all inputs and outputs to the Miva MerchantDatabase are performed through an XML data format.

The Miva Merchant Database Schema is available for viewing over theinternet (www.miva.com/docs/api/db HTML/MMdb4x.html). Because thedatabase schema is well understood and all interactions with thedatabase are accomplished through XML, transforming results to adifferent XML Schema is executed with an XSL style sheet.

PayPal Data Integration Overview

For data integration, PayPal publishes an eBL/PayPal schema. The eBLschema library leverages existing business component schema models suchas Universal Business Language (UBL), ebXML, and EDI to re-use andcustomize common industry definitions of core business messagecomponents to meet specific business needs of eBay applications such asbuying, selling, payment, cataloguing, and product search. FIG. 8illustrates what needs to go into the SOAP envelope. Approval isimplicit in the response.

The PayPal Refund API is Built upon the Following eBL Schema:

AbstractRequestType—Base type definition of request payload that cancarry any type of payload content with optional versioning informationand detail level requirements.

AbstractResponseType—Base type definition of a response payload that cancarry any type of payload content with following optional elements: (1)The timestamp of the response message; (2) An application levelacknowledgement; and (3) Application-level errors and warnings.

Data integration with PayPal requires contructing AbstractRequestTypemessages and parsing AbstractResponsetType messages based on theeBL/PayPal schema.

Employease Data Integration Overview

For Employease, employee synchronization data is transmitted in an XMLfile format developed by Employease. Version 1.0 supports the standardPersonName and PostalAddress objects approved by the HR-XML Consortium.Future releases will strive to incorporate additional HR-XML industrystandards as they become available. Employee synchronization currentlysupports three transaction types: Insert, Update and Delete.

<EmployeeSynchronization>   <InsertEE></InsertEE>  <UpdateEE></UpdateEE>   <DeleteEE></DeleteEE></EmployeeSynchronization>

Each Employee Synchronization transaction shares a common element, a‘Key’, that is used to uniquely identify each individual employee in theEmployease Network. In addition, the Insert and Update transactionsshare a common set of fields that are always sent with each individualtransaction.

FIGS. 9-12 illustrate some samples of the request/reply objects. FIG. 9shows an example of the Key referred to above. FIG. 10 shows anexemplary Demographics object. FIG. 11 shows an exemplary Employmentobject. FIG. 12 shows an exemplary Earnings object.

For data integration with external applications such as ADP Pay eXpert,a mapping software such as Contivo can be used to normalize andtransform the Employease XML format into ADP-compliant CSV file format.

Salesforce.com Data Integration Overview

For data integration, the sforce SOAP API uses its own XML, data format.The latest version of the published schema is sforce API 3.0. In thesforce API, objects are data entities that represent an organization'sinformation. For example, the Account object representsaccounts-companies and organizations involved with a business, such ascustomers, partners, and competitors. To describe a particularoccurrence of an object (such as a specific account that is representedby an Account object), sforce uses the term object instance. An objectinstance is analagous to a row in a database table.

According to a specific embodiment, the Salesforce.com objects shown inthe following table are supported:

List of Supported salesforce.com Objects Object Description AccountRepresents an individual account, which is an organization involved withyour business (such as customers, competitors, and partners).AccountShare Represents a sharing entry on an Account. AccountTeamMemberRepresents a User who is a member of an Account team. AttachmentRepresents a file that a User has uploaded and attached to a parentobject. BusinessProcess Represents a business process. CampaignRepresents and tracks a marketing campaign, such as a direct mailpromotion, webinar, or trade show. CampaignMember Represents theassociation between a Campaign and either a Lead or Contact. CaseRepresents a case, which is a customer issue such as a customer'sfeedback, problem, or question. CaseComment Represents a comment thatprovides additional information about the associated Case. CaseHistoryRepresents historical information about changes that have been made tothe associated Case. CaseSolution Represents the association between aparticular Case and a particular Solution. CaseStatus Represents thestatus of a Case, such as New, On hold, In Process, and so on. ContactRepresents a contact, which is an individual associated with yourAccounts. Contract Represents a contract (a business agreement)associated with an Account. ContractStatus Represents the status of aContract, such as Draft, InApproval, Activated, Terminated, or Expired.CurreneyType Represents the currencies used by an organization for whichthe multi-currency feature is enabled. Document Represents a file that auser has uploaded. Unlike Attachment objects, Documents are not attachedto a parent object. Event Represents a calendar appointment event.Folder Represents a repository for a Document, MailMergeTemplate, emailtemplate, or report. Only one type of item can be contained in aparticular Folder. Group Represents a set of Users. GroupMemberRepresents a User or Group that is a member of a public group. LeadRepresents a lead, which is a prospect or potential Opportunity.LeadStatus Represents the status of a Lead, such as Open, Qualified, orConverted. MailMergeTemplate Represents a mail merge template (aMicrosoft Word document) used for performing mail merges for yourorganization. Note Represents a note, which is text associated with anAttachment, Contact, or Opportunity. Opportunity Represents anopportunity, which is a sale or pending deal. OpportunityCompetitorRepresents a competitor on an Opportunity. OpportunityContactRoleRepresents the association between an Opportunity and a Contact, with aspecified Role name applied to the contact. OpportunityLineItemRepresents an opportunity line item, which is a member of the list ofProduct2s associated with an Opportunity, along with other informationabout those products on that opportunity. OpportunityLineItemScheduleRepresents information about the quantity, revenue distribution, anddelivery dates for a particular OpportunityLineItem. OpportunityShareRepresents a sharing entry on an Opportunity. OpportunityStageRepresents the stage of an Opportunity in the sales pipeline, such asNew Lead, Negotiating, Pending, Closed, and so on. OpportunityTeamMemberRepresents an individual User on the sales team of a particularOpportunity. Partner Represents the association between two particularAccounts or between a particular Opportunity and an Account. PartnerRoleRepresents a role for an account Partner, such as consultant, supplier,and so on. Pricebook [Deprecated] Represents a price book that containsthe list of Product [Deprecated]s that your organization sells.Pricebook2 Represents a price book that contains the list of Product2sthat your organization sells. PricebookEntry Represents a product entry(an association between a Pricebook2 and Product2) in a pricebook.Product [Deprecated] Represents a product that your organization sells.A product is member of the list of items in a Pricebook [Deprecated].Product2 Represents a product that your organization sells. A product ismember of the list of items in a Pricebook2. Profile Represents aprofile, which defines a set of permissions to perform differentoperations, such as querying, adding, updating, or deleting information.RecordType Represents a record type. Role Represents a role in yourorganization. Scontrol Represents an sforce control, which is customcontent that is hosted by the server but executed by clientapplications. Solution Represents a solution, which is a detaileddescription of a customer issue and the resolution of that issue.SolutionStatus Represents the status of a Solution, such as Draft,Reviewed, and so on. Task Represents a task. TaskPriority Represents thepriority (importance) of a Task, such as High, Normal, or Low.TaskStatus Represents the status of a Task, such as Not started,Completed, or Closed. User Represents a user in your organization.UserTeamMember Represents a single User on the default sales team ofanother user.

Additionally, Salesforce.com provides a sforce Object Query Language(SOQL) and a sforce Object Search Language (SOSL). The sforce ObjectQuery Language (SOQL) is used to construct simple but powerful querystrings for the queryString parameter in the query call. Similar to theSELECT command in SQL, SOQL allows you to specify the source object(such as Account), a list of fields to retrieve, and conditions forselecting rows in the source object. The sforce Object Search Language(SOSL) is used to construct simple but powerful text searches for thesearch call. SOSL allows one to specify the text expression, the scopeof fields to search, the list of objects and fields to retrieve, and themaximum number of objects to return.

ADP Pay eXpert Data Integration Overview

ADP Pay eXpert uses CSV file format for employee and pay dataintegration. Each employee data import file comprises multiple records,where a record is one line of data in the file. The items in a recordare separated from each other by a comma or tab. The end of a record isindicated by a carriage return and line feed. An employee/pay dataimport file contains at least two types of records, e.g., Header andData. FIG. 13 shows the components of an employee data import file.

Data Synchronization and Data Flow

For all data sets that need to be persisted a system of record (SOR) isdefined. This is typically either where the data ends up or where it isentered into the system. There should never be more than one SOR for anydata set as this will lead to confusion and high support costs. The flowof all data entered into the system is managed by the interoperabilitynetwork. This provides reliable delivery of all transactions betweenapplications, and when an application is unavailable beyond a specificwindow there is a defined escalation procedure that, if appropriate,will result in human intervention. The key is that even in the event ofan error the system is in a known state and there is a definedcorrective action.

For Suite 1 (i.e., the eCommerce solution), the SOR is in Quicken, withthe interoperability network managing all transactions between MIVA andPayPal to ensure that at any point in time the customer can obtain aunified view of payments and inventory. Payment transactions flow fromPayPal to Quicken and similarly refund transactions flow from Quicken toPayPal. Inventory flows from Quicken to MIVA and corresponding salesinformation flows from MIVA to Quicken.

Suite 2 (i.e., the CRM solution) introduces another SOR to manage salesleads. When leads turn into completed sales the interoperability networkmanages transactions that update Quicken. Also as new customers that arenot in SalesForce come in through MIVA they are added to SalesForce toensure that the “Lead System” has a complete record of all past andpresent sales and leads. This is necessary, as the Sales professionalwill not typically have access to the accounting system, i.e., Quicken.Keeping both systems up to date allows the business to be aligned andoperating with current information.

Suite 3, (i.e., the HR solution) adds another SOR for human resourcedata and other systems to feed this data into and from. The HR system isEmployease; this system captures human resource data entered into it.The employee data is transferred on a scheduled basis to ADP for payrollprocessing and the resulting transaction is routed to QuickBooks toupdate cash flow. Expense tracking is also available in this suite. TheGelco expense tracking application captures expenses and the workflowaround reporting and management. The interoperability network manage thetransactions to update the cash flow in QuickBooks and ensures there isa consistent view of the business.

The interoperability network of the present invention also provides webbased administrative capabilities that enable an entity having access tothe network to monitor, manage and customize its own Business ServicesNetwork, including end-to-end visibility, policy and permissionmanagement, change management, exception handling and notification, andadministration and reporting. The reporting interface is customizableand extensible to enable integration into in-house management tools toprovide a single view of the virtual business network.

All messages sent into the interoperability network are uniquelyidentified and the sender has a receipt sent back to them synchronouslyto acknowledge receipt of the transaction. Within the receipt is aunique token that is unique for every message. Using this token allparties to the transaction can track and audit the process of anymessage through the reporting interface.

For entities setting up Business Services Networks to interact withcustomers, the interoperability network acts as a neutral third party inall interactions, providing the ability for all parties to quicklyresolve delivery issues. Rules can be defined around delivery to allowfor escalation procedures to be initiated in the cases when messages areunable to be delivered or where they are not responded to within amutually agreed time window. The interoperability network provides thecritical infrastructure to ensure no matter what happens messages arenever lost and they are always in a state that is known to all partiesin the transaction.

The secure infrastructure of the interoperability network enablescompanies to safely deploy mission-critical, enterprise class businessinitiatives while leveraging their existing investments. For example,the interoperability network is configured to ensure that enterprisescan manage trusted relationships between many organizations, each withdifferent access, authentication and encryption technologies, withoutunnecessary exposure of applications behind corporate firewalls.Differences in corporate security policies are handled through a policyframework, which mediates the differences. Each enterprises is incomplete control of configuring and enforcing access rights, andmultiple methods of authentication are supported.

By acting as a buffer between the world and each enterprise or user, theinteroperability network provides added security against direct attacks.By polling for messages from the interoperability network, eachenterprise or user does not need to provide in-bound HTTP or HTTPSaccess through firewalls, allowing each to avoid unnecessary firewallchanges.

According to a particular implementation, the underlying securityarchitecture of the interoperability network is based on WS-Policy, anextremely flexible mechanism for companies to mutually govern access tothe services deployed on the network. This mechanism ensures thatpartners exchange data over encrypted connections to network, theiridentities are verified, and access to each service is limited andcontrolled. These capabilities are further supported through industrystandards such as SSL, IPSEC, VPN's and X.509 digital certificates. Theinteroperability network is also fully extensible to cover other widelyadopted standards.

The interoperability network is built as a highly scalable distributedarchitecture. The distributed nature of the architecture allows forscaling in multiple dimensions. This ability to scale individual partsof the network independently allows new hardware to be added to meet anyperformance needs. The network was built from the ground up as a looselycoupled, Service Oriented Architecture (SOA). The complete capabilitiesof a standards-based integration technology platform are available forthe first time in a simple-to-use, self-service, web-based interface,enabling business processes to be rapidly built and deployed in thenetwork. A comprehensive set of services can be woven together toprovide the connectivity, security, process execution, policy mediationand visibility required to deploy transactional business processes.

Referring now to FIG. 14, a computer system 1400 suitable forimplementing various aspects of the present invention (e.g., server 107of FIG. 1) includes one or more central processing units (CPUs) 1402,one or more blocks of memory 1404, input and output interfaces 1406, anda bus 1408 (e.g., a PCI bus). Alternatively, computer systems employingpoint-to-point infrastructures instead of buses may also be employed.When acting under the control of appropriate software or firmware, CPU1402 is responsible for implementing various portions of the techniquesof the present invention. It preferably accomplishes all these functionsunder the control of software including an operating system and anyappropriate applications software. CPU 1402 may include one or moreprocessors. In a specific embodiment, some portion of memory 1404 (suchas non-volatile RAM and/or ROM) also forms part of CPU 1402. However,there are many different ways in which memory could be coupled to thesystem. Memory block 1404 may be used for a variety of purposes such as,for example, caching and/or storing data, program code, etc.

The input and output interfaces 1406 typically provide an interface tovarious I/O devices, such as mouse, keyboard, display, as well asproviding an communication interface with other computer systems over acomputer network. Among the communication interfaces that may beprovided are Ethernet interfaces, frame relay interfaces, cableinterfaces, DSL interfaces, token ring interfaces, and the like. Inaddition, various very high-speed interfaces may be provided such asfast Ethernet interfaces, Gigabit Ethernet interfaces, ATM interfaces,HSSI interfaces, POS interfaces, FDDI interfaces and the like.Generally, these interfaces may include ports appropriate forcommunication with the appropriate media. In some cases, they may alsoinclude an independent processor and, in some instances, volatile RAM.

It will be understood that the system shown in FIG. 14 is an exemplarycomputer system and is by no means the only system architecture on whichthe various aspects of the present invention can be implemented.

Regardless of system's configuration, it may employ one or more memoriesor memory modules (such as, for example, memory block 1404) configuredto store data, program instructions for the general-purpose networkoperations and/or the inventive techniques described herein. The programinstructions may control the operation of an operating system and/or oneor more applications, for example. The memory or memories may also beconfigured to store information in a repository directory.

Because such information and program instructions may be employed toimplement the systems/methods described herein, the present inventionalso relates to machine readable media that include programinstructions, state information, etc. for performing various operationsdescribed herein. Examples of machine-readable media include, but arenot limited to, magnetic media such as hard disks, floppy disks, andmagnetic tape; optical media such as CD-ROM disks and DVDs;magneto-optical media such as floptical disks; and hardware devices thatare specially configured to store and perform program instructions, suchas read-only memory devices (ROM) and random access memory (RAM). Theinvention may also be embodied in a carrier wave traveling over anappropriate medium such as airwaves, optical lines, electric lines, etc.Examples of program instructions include both machine code, such asproduced by a compiler, and files containing higher level code that maybe executed by the computer using an interpreter.

While the invention has been particularly shown and described withreference to specific embodiments thereof, it will be understood bythose skilled in the art that changes in the form and details of thedisclosed embodiments may be made without departing from the spirit orscope of the invention. It should also be noted that, while some of theexamples herein are described with reference to SOAP messages, thetechniques described herein apply to a wide variety of message formatsand protocols including, for example, FTP, EDI, generic HTTP, XML, textfiles, etc. The invention should therefore not be limited to anyspecific message format or protocol.

In addition, embodiments of the invention have been described hereinwith reference to a toolbar interface which facilitates access to theIAS solution. It will be understood, however, that such a toolbar andthe various interface described herein are merely exemplary and that thebasic functionalities of the present invention may be provided in a widevariety of ways without departing from the scope of the invention. Forexample, the functionalities of the present invention may be providedthrough the use of a role-based portal framework running in a user'sbrowser which manages navigation and authentication to the integratedsystems of the invention. Such a portal framework is described in U.S.patent application Ser. No. 10/820,650 for TECHNIQUES FOR PROVIDINGINTEROPERABILITY AS A SERVICE filed Apr. 7, 2004 (Attorney Docket No.ODVFP006) (now issued as U.S. Pat. No. 7,590,685), the entire disclosureof which is incorporated herein by reference for all purposes.

In addition, although various advantages, aspects, and objects of thepresent invention have been discussed herein with reference to variousembodiments, it will be understood that the scope of the inventionshould not be limited by reference to such advantages, aspects, andobjects. Rather, the scope of the invention should be determined withreference to the appended claims.

We claim:
 1. A method of facilitating access to a composite service on anetwork, the method comprising: receiving, from a computing device onthe network, a request to initiate an instance of the composite service;referencing a directory storing access policy information forconstituent services having operations integrated by the compositeservice, the constituent services being associated with and controlledby a plurality of independent service providers; using the access policyinformation to establish access to the constituent services; andenabling a user of the computing device to access the composite serviceas an integrated solution in which the composite service facilitatesmessaging between or among the constituent services.
 2. The method ofclaim 1, the method further comprising: receiving, from the computingdevice, a selection of a business application including the compositeservice; and receiving a statement of record for the selected businessapplication, the statement of record containing initial information foruse with the selected business application, the network disseminating atleast some portion of the statement of record to one or more of theconstituent services.
 3. The method of claim 1, the method furthercomprising: receiving enterprise identity information relating to afirst independent enterprise, the network disseminating at least some ofthe enterprise identity information to at least some of the constituentservices.
 4. The method of claim 3, the method further comprising:receiving user identity information relating to a user associated withthe first independent enterprise, the network disseminating at leastsome of the user identity information to the constituent services. 5.The method of claim 1, the method further comprising: providing a user'scomputing device administration information relating to an execution ofcomposite services available in a business application selectioninterface, the administration information corresponding to one or moreroles associated with the user of the administration interface.
 6. Themethod of claim 5, wherein the administration information comprisesinformation selected from a group consisting of: diagnostic reportinginformation, composite service configuration information, enterpriseidentity information, user identity information, and historicalinformation relating to previously-executed composite services.
 7. Themethod of claim 1, wherein one or more of the composite servicescommunicates with the network via a public network.
 8. The method ofclaim 1, wherein the selected composite service is a pre-definedbusiness solution selected from a group consisting of: an eCommercesolution, a customer relationship management (CRM) solution, and a humanresource (HR) management solution.
 9. A network for facilitating accessto a composite service by a plurality of users having associated clientmachines, the network comprising at least one computing device that runscode to: receive, from a computing device on the network, a request toinitiate an instance of the composite service; reference a directorystoring access policy information for constituent services havingoperations integrated by the composite service, the constituent servicesbeing associated with and controlled by a plurality of independentservice providers; use the access policy information to establish accessto the constituent services; and enable a user of the computing deviceto access the composite service as an integrated solution in which thecomposite service facilitates messaging between or among the constituentservices.
 10. The network of claim 9, wherein the at least one computingdevice further runs the code to: receive, from the computing device, aselection of a business application including the composite service; andreceive a statement of record for the selected business application, thestatement of record containing initial information for use with theselected business application, the network disseminating at least someportion of the statement of record to one or more of the constituentservices.
 11. The network of claim 11, wherein the at least onecomputing device further run the code to: receive enterprise identityinformation relating to a first independent enterprise, the networkdisseminating at least some of the enterprise identity information to atleast some of the constituent services.
 12. The network of claim 11,wherein the at least one computing device further runs the code to:receive user identity information relating to a user associated with thefirst independent enterprise, the network disseminating at least some ofthe user identity information to the constituent services.
 13. Thenetwork of claim 12, the at least one computing device further runs thecode to: provide a user, administration information relating to anexecution of composite services available in a business applicationselection interface, the administration information corresponding to oneor more roles associated with the user of the administration interface.14. The network of claim 13, wherein the administration informationcomprises information selected from a group consisting of: diagnosticreporting information, composite service configuration information,enterprise identity information, user identity information, andhistorical information relating to previously-executed compositeservices.
 15. The network of claim 9, wherein one or more of theinterfaces to the computing device are accessible via a toolbarinstalled on a web browser, the toolbar providing a single sign-on tothe composite services.
 16. The network of claim 9, further comprising:at least one data store having a directory stored therein which maps anidentity for each of the users to a policy framework which definesaccess information relating to the plurality of services.
 17. Thenetwork of claim 9, wherein one or more of the composite servicescommunicates with the network via a public network.
 18. The network ofclaim 9, wherein the selected composite service is a pre-definedbusiness solution selected from a group consisting of: an eCommercesolution, a customer relationship management (CRM) solution, and a humanresource (HR) management solution.
 19. A computer program productcomprising at least one non-transitory computer-readable storage mediumstoring instructions for facilitating access to a plurality of compositeservices, the instructions comprising: first instructions for receiving,from a computing device on a network, a request to initiate an instanceof a composite service; second instructions for referencing a directorystoring access policy information for constituent services havingoperations integrated by the composite service, the constituent servicesbeing associated with and controlled by a plurality of independentservice providers; third instructions for using the access policyinformation to establish access to the constituent services; and fourthinstructions for enabling a user of the computing device to access thecomposite service as an integrated solution in which the compositeservice facilitates messaging between or among the constituent services.20. The computer program product of claim 19, further comprising: fifthinstructions for receiving, from the computing device, a selection of abusiness application including the composite service; sixth instructionsfor receiving a statement of record for the selected businessapplication, the statement of record containing initial information foruse with the selected business application, the network disseminating atleast some portion of the statement of record to one or more of theconstituent services.
 21. The computer program product of claim 19,further comprising: fifth instructions for receiving enterprise identityinformation relating to a first independent enterprise, the networkdisseminating at least some of the enterprise identity information to atleast some of the constituent services.
 22. The computer program productof claim 19, further comprising: fifth instructions for receiving useridentity information relating to a user associated with the firstindependent enterprise, the network disseminating at least some of theuser identity information to the constituent services.
 23. The computerprogram product of claim 19, further comprising: fifth instructions forproviding a user's computing device administration information relatingto an execution of composite services available in a businessapplication selection interface, the administration informationcorresponding to one or more roles associated with the user of theadministration interface.